Comment by hirako2000
4 hours ago
In fact a unique payment ID (e.g QR) to "push" payment is even safer. No redirect. That's how payment should be. Not an authorization given to pull from us, but the agency for us to push the amount.
4 hours ago
In fact a unique payment ID (e.g QR) to "push" payment is even safer. No redirect. That's how payment should be. Not an authorization given to pull from us, but the agency for us to push the amount.
This is exactly what India's UPI (Unified Payments Interface) works. No PII, just a UPI ID is given and the user gets a push notification in Android/iOS app for approval (with PIN or security enclave like fingerprint).
In fact, there is EPC code, but it is rarely used and bank support is abysmal, at least in our country. But that can also be because we have some homegrown local standard for payment QR codes (and a new one in the works, lol).
[0] https://en.wikipedia.org/wiki/EPC_QR_code
If I am understanding you correct, isn't this what UPI does already?
Yes. Common among Asian countries. Where authorizing a 3rd party to pull money isn't natural. Among the main reasons Uber failed there.